Active Directory monitoring with Anturis
Gather data, analyze trends and alleviate potential bottlenecks
before they impact on your AD performance
Anturis offers a fully cloud-based monitoring application that allows you to keep abreast of your Active Directory infrastructure on a constant basis. It can alert you of concerning errors through email or SMS notifications. Anturis can establish performance baselines for your directory servers and replication structure so you can cite performance trends and help alleviate potential bottlenecks before they have a negative impact on your AD performance.
Why monitor Active Directory?
Enterprise networks today depend on reliable, steady performance when it comes to their Active Directory structure. Probably nothing generates more help desk orders than AD issues. Slow logons and account lockouts stifle productivity and replication issues can bring inconsistent results when it comes to issues of roaming profiles, mapped drives, password resets and group policy updates just to name a few.
For these reasons, the monitoring of today’s Active Directory infrastructure is essential in order to avoid these performance disruptions and ensure that users get the same desktop experience they expect each and every day.
Nothing is more basic than the user logon process when it comes to day-to-day network operations, but Active Directory encompasses so much more. Proper and successful Active Directory monitoring implementations can only help today’s IT staffs diagnose problems with real time monitoring data, but assist network architects and engineers in identifying bottlenecks and assist in future planning to ensure that their Active Directory structures can meet the needs of tomorrows ever growing client loads.
With Anturis you can monitor the following AD metrics:
- Server Sessions – This represents the number of users who may be accessing your directory servers. This is but one of several diagnostics that allows you to identify potential logon slowness as well as performance trends.
- LDAP Client Sessions – This is the number of sessions opened by LDAP clients and is helpful in determining LDAP client activity and server load. Like the Server Sessions diagnostic, you can select a threshold and configure real time alerts when these threshold limitations have been breached.
- LSASS CPU Usage – The LSASS.exe process is responsible for domain authentication and Active Directory management. A number of critical AD components are dependent on this process including the net logon service, Kerberos v5 authentication and NTLM authentication protocols just to name a few. High utilization levels can cause domain controllers to respond slowly if not at all to client service requests.
- LDAP Bind Time – This is the time measured in milliseconds needed to complete the last successful LDAP binding. LDAP client transmits a BIND request to a server in order to change the authorization state of the client connection. A higher metric value points to either hardware or network performance issues.
- Kerberos Authentications/sec – This counter shows the number of times per second a client uses a Kerberos client ticket to authenticate to a DC. A higher number can indicate potential load problems while a lack of activity can indicate problems that are preventing authentication requests from succeeding.
- NTLM Authentications/sec – Anturis supports legacy systems such as NT and Windows 98 to identify authentication issues with those operating systems as well.
- LDAP Searches – a simple metric showing the number of search queries implemented by domain clients.
- DS Threads – Shows the current number of threads in use by the directory service that are servicing client API calls. This diagnostic can be used to indicate whether additional processors should be used.
- Replication – If an organization has more than one domain controller, than proper AD replication is absolutely essential for password resets and user account modifications as well as the distribution of group policies in order to assure that users get the same reliable desktop experience they expect. Changes made to AD objects must initiate timely synchornizaitons with the entire AD structure. Metrics used to measure replication performance within Anturis include Replication status, DRA Pending Replication Synchronizations and DRA Pending Replication Operations.
Leave a Comment